Some service providers use conventional risk-based authentication systems to assess a risk of processing customer transactions. For example, an online bank may employ a risk engine of such a risk-based authentication system to assign risk scores to banking transactions where higher risk scores indicate higher risk.
In generating a risk score, the risk score engine takes as input values of various transaction attributes (e.g., time of receipt, geolocation). For each customer of the online bank, there is an associated history based on values of the attributes associated with previous transactions involving that customer. The risk engine incorporates the history associated with the customer into an evaluation of the risk score. Significant variation of one or more attribute values from those in the customer's history may signify that the banking transaction has a high risk.
For example, suppose that a particular customer historically submitted transaction requests to the online bank at 3:00 PM from Tel Aviv, and, under the customer's identifier, a user submits a new transaction request at 2:00 AM from Boston. In this case, the risk engine would assign a larger risk score to a transaction resulting from the new transaction request.